While this specific vulnerability does not apply to vCenter Server 6.5, there are other vulnerabilities in this security advisory that do, so regardless of your version, it is important to update your vCenter Server to the latest version released on September 21, 2021. Any attacker with network access to port 443 on a vCenter Server is able to exploit this vulnerability and execute code on the vCenter Server by uploading a specially crafted file. Rated with a CVSSv3 base score of 9.8, the vulnerability lies in the Analytics service. The most critical vulnerability is the file upload vulnerability. vCenter Server file upload vulnerability (CVE-2021-22005) The most critical vulnerability is an arbitrary file upload vulnerability in the Analytics service that requires immediate patching. VMware released its latest security advisory which contains 19 new vulnerabilities for all three currently supported versions 6.5, 6.7, and 7.0.
